Although some industries may be targeted more often than others for cyberattacks, every organisation must take necessary security precautions and make cybersecurity a top priority and investment, according to technology company Forescout.
Forescout senior director for Asia Pacific and Japan Steve Hunter says it’s well worth investing some effort up front to evaluate the options.
And be prepared to ask some tough questions of those selling security solutions.
“Making the best investment with a potentially limited security budget can be a daunting task for security and risk management (SRM) leaders,” Mr Hunter said.
“Some of the reasons for this include the fact that no two organisations are identical, which means that security mindset is also different. Cyberthreats are also evolving at a remarkable pace, making it difficult to ensure protection against the latest threats.”
In addition to evolving threats, the cyber landscape is also changing rapidly.
Traditional IT networks and infrastructure are becoming increasingly intertwined and connected to operational technology (OT) networks and infrastructure.
Consequently, devices typically limited to the IT environment, if unsecure, can put entire OT networks at risk.
To help simplify the decision-making process, Forescout has boiled the issue down to seven key questions to find the best product for your organisation.
1. Is the solution vendor-agnostic? Too often, organisations identify what they think will be a security silver bullet, only to discover after purchase and implementation that the product is not compatible with other products or applications on their network. It is critical that products are vetted to ensure they are compatible and vendor-agnostic.
2. Does the solution provide asset discovery to enable operational continuity and system integrity? Often organisations, even those with good asset inventory and asset management practices, will fail to account for every device that’s on their network. A good security solution will let organisations identify and inventory every connected device on their network in real time, regardless of device type.
3. Does the solution detect and alert on known common vulnerabilities and exposures (CVEs)? Whitelisting and generic anomaly detection are common OT security approaches. Whilst important, the best approach should include well-mapped OT system CVE discovery for faster detection and to improve risk management from Day 1.
4. Can the solution evolve from mirror mode to in-line security? Active prevention may be a desired, long-term goal when it comes to monitoring and detection, but many organisations lack either the security maturity or the necessary resources to enable such features as part of initial deployment. As the organisation matures, however, it’s important to have the option to switch from passive detection to active prevention.
5. Does the solution provide IT support in addition to OT? This question is especially important to ask when seeking to protect an OT environment. Because OT attacks have historically started in the IT environment, then stealthily moved laterally into the OT environment, it’s important to detect IT-originated but OT-targeted attacks before they reach the
6. Does the solution support secure IT/OT alignment? IT-OT convergence is on the rise; yet, the supporting infrastructure and networks differ significantly and can’t be treated the same when it comes to cyber defence. It’s critical that decision-makers evaluate a product not only on its ability to protect both environments, but also on its ability to integrate with other security solutions, protocols, software and hardware.
7. Is the solution designed to live in an OT environment from a hardware or operating environment perspective? Many solutions are designed to function within the comfort of a temperature-regulated server room with a backup power supply or generator, the type of facility typically provided in IT environments. OT environments, on the other hand, do not always afford such controlled conditions and, as a result, can test the limits of many solutions. It’s important to account for the environmental conditions where the product will be used and ensure the solution can run in sites requiring support for hazardous environment operations.